USA — Cyber Solutions Depend on Partnerships, Official Says

WASHINGTON — Defense Depart­ment offi­cials are reach­ing through­out gov­ern­ment and the pri­vate sec­tor to lay the frame­work for long-term solu­tions in com­put­er net­work secu­ri­ty, the department’s head of cyber pol­i­cy said today.

Defense lead­ers have rec­og­nized the impor­tance of cyber­se­cu­ri­ty, as not­ed in the Qua­dren­ni­al Defense Review, by cre­at­ing U.S. Cyber Com­mand as a sep­a­rate enti­ty to han­dle the evolv­ing issues around net­work secu­ri­ty, Robert J. But­ler, deputy assis­tant sec­re­tary of defense for cyber pol­i­cy, said as part of a pan­el of speak­ers at a cyber­se­cu­ri­ty sym­po­sium spon­sored by the Wash­ing­ton chap­ter of the Armed Forces Com­mu­ni­ca­tions and Elec­tron­ics Asso­ci­a­tion.

AFCEA is a non­prof­it mem­ber­ship asso­ci­a­tion serv­ing the mil­i­tary, gov­ern­ment, indus­try and acad­e­mia as a forum for advanc­ing pro­fes­sion­al knowl­edge and rela­tion­ships in com­mu­ni­ca­tions, infor­ma­tion tech­nol­o­gy, intel­li­gence, and glob­al secu­ri­ty.

Solu­tions to man­ag­ing cyber­se­cu­ri­ty demand the full part­ner­ship of the pub­lic and pri­vate sec­tors, But­ler said, adding that pri­vate-sec­tor Inter­net ser­vice providers are at the core of deci­sions about pri­va­cy ver­sus secu­ri­ty and tech­ni­cal know-how.

“You can’t just do it with the fed­er­al sec­tor,” But­ler said. “You have to have the ISPs and oth­ers who real­ly under­stand the net­works involved.”

Retired Air Force Gen. Ronald E. Keys, a senior advi­sor at the Bipar­ti­san Pol­i­cy Cen­ter and a for­mer com­man­der of Air Com­bat Com­mand, mod­er­at­ed the pan­el. He said the depart­ment had to stand up Cyber Com­mand to coor­di­nate both secu­ri­ty and net­work capac­i­ty issues.

“The biggest issue in the mil­i­tary was we did­n’t know who the hell was on our net­works” due to the mas­sive num­bers of mil­i­tary, civil­ian employ­ee and con­trac­tor users, Keys said. He added that when a sub­or­di­nate com­mand with­in Air Com­bat Com­mand became infect­ed with a virus, he had the unit removed from the net­work until the prob­lem was resolved. Such a shut­down isn’t pos­si­ble when pri­vate com­pa­nies hold the author­i­ty, he not­ed.

“If I go to an ISP to kick some­one off, and they do it, then they get sued,” Keys said. “The ques­tion becomes how do we strip the pro­pri­etary and cus­tomer con­cerns off the infor­ma­tion so we can share it?

“This thing is the Wild West out there,” he added. “It’s pick your dys­func­tion: gov­ern­ment bureau­cra­cy or the pro­pri­etary and prof­it motive.”

Army Brig. Gen. John Davis, Cyber Command’s direc­tor of cur­rent oper­a­tions was on the pan­el. He said mil­i­tary lead­ers have to stay abreast of threats out­side the depart­ment, since 90 per­cent of the department’s net­works run through pri­vate domains.

“We need to be cog­nizant about what’s going on out there, because it has a direct effect on us,” he said. “We are all con­nect­ed in this busi­ness.”

Edu­ca­tion and aware­ness of cyber­se­cu­ri­ty issues are crit­i­cal, But­ler said, through train­ing sce­nar­ios such as the government’s “Cyber Shock­wave” exer­cise held in Feb­ru­ary. A video syn­op­sis of the exer­cise, shown at the sym­po­sium, depict­ed senior U.S. nation­al secu­ri­ty lead­ers react­ing to an ongo­ing, large-scale cyber attack that left some 20 mil­lion Amer­i­cans with­out cell phone use, and the east­ern half of the coun­try with­out elec­tric­i­ty. Inter­net con­nec­tiv­i­ty slowed to a crawl, dis­abling air­lines, air traf­fic con­trol, media out­lets – near­ly every­thing.

The melt­down pur­port­ed­ly was traced to a “bot,” or virus attack, ini­ti­at­ed from a smart phone in Rus­sia. With senior lead­ers dis­cussing the sit­u­a­tion on a cable news net­work, the attor­ney gen­er­al in the sce­nario said U.S. law did not give author­i­ty to quar­an­tine cell phones, from which the virus was spread­ing. “We are in a sol­id, mil­i­tary response role,” the scenario’s home­land secu­ri­ty sec­re­tary said.

Navy Rear Adm. Michael A. Brown, deputy assis­tant sec­re­tary for cyber­se­cu­ri­ty at the Home­land Secu­ri­ty Depart­ment, said the suc­cess of Cyber Com­mand rests on the Home­land Secu­ri­ty Department’s abil­i­ty to pro­vide secu­ri­ty capa­bil­i­ties and capac­i­ty.

“We just can­not wait for an event to occur before we know how we’re going to oper­ate,” Brown said. “The vast major­i­ty of our capa­bil­i­ties and capac­i­ty rests in the pri­vate sec­tor.” Davis under­scored the impor­tance of cyber­se­cu­ri­ty to the mil­i­tary, not­ing Cyber Com­mand is work­ing to improve its abil­i­ty to catch poten­tial threats ear­li­er.

“There is a lot at risk in the bal­ance between being able to oper­ate and con­nect with each oth­er and our under­stand­ing of the vul­ner­a­bil­i­ties out there, and the grow­ing threats to our sys­tem,” Davis said. “All of our mis­sions, all of our equip­ment, is depen­dent on cyber­space.”

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →